feat: add remotePatterns support for external storage providers#2
Merged
Conversation
Allow optimizing images served from external upload providers (S3, GCS, etc.) by allow-listing their origins, mirroring next/image remotePatterns. Local /uploads/ paths remain allowed by default, so no breaking change. - Port matchRemotePattern/hasRemoteMatch from Next.js (picomatch engine) - Add remotePatterns config option, type, and validator (default: []) - Controller validates absolute URLs against the allow-list; service fetches allow-listed remote images over HTTP - Client loader forwards cross-origin src absolute instead of stripping it Closes #1
Share an ImageSource type and httpError helper between the remote and local read paths; collapse the let+if/else in _optimizeAndCache into a single const destructuring. Behavior unchanged.
Fallow flagged the config validator's cognitive complexity rising from the inlined remotePatterns array/loop check. Extract it to a named helper and add focused tests (the validator previously had zero coverage).
Convert JSDoc /** */ blocks to // line comments across both packages, shorten verbose comments, and drop redundant WHAT comments. No behavior change.
Bump both packages to 1.1.0 and add the CHANGELOG entry for the remotePatterns feature (closes #1).
The readLocalImage/fetchRemoteImage refactor left `ext` destructured but unused in _optimizeAndCache; drop it from ImageSource and both helpers. tsc didn't flag it but eslint no-unused-vars did.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #1.
What
Adds a
remotePatternsconfig option so the plugin can optimize images served from external upload providers (S3, Google Cloud Storage, etc.), mirroringnext/imageremotePatterns. Local/uploads/paths remain allowed by default — no breaking change.How
server/src/remote-pattern.ts) — faithful port of Next.js'smatchRemotePattern/hasRemoteMatch, using the samepicomatchengine so wildcard/edge-case behavior is identical.controllers/image-optimize.ts) — replaces the flat/uploads/check with Next.js's validation flow: reject protocol-relative//, keep/uploads/for local, and for absolute URLs requirehttp(s)+ a matchingremotePattern.services/image-optimize.ts) — fetches allow-listed remote images over HTTP (10s timeout, 50 MB cap) instead of only reading the localpublic/dir.strapi-next-image/src/image-loader.ts) — previously stripped every absolute URL to a relative path, which silently defeatedremotePatterns. Now strips only same-origin Strapi URLs and forwards cross-origin ones absolute. Requires the loaderpath/base to be set to your Strapi URL when using a separate frontend.Notes
400 "url" parameter is not allowedotherwise).Versioning
Both packages bumped
1.0.1→1.1.0; CHANGELOG updated.Testing
matchRemotePattern/hasRemoteMatch, the config validator, controller allow-list branches, and loader cross-origin forwarding.